Court: self-incrimination privilege won’t protect password

The privilege against self-incrimination, a federal court has ruled, does not …

A federal district court in Vermont has ruled that the Fifth Amendment right against self-incrimination does not bar the government from requiring Sebastien Boucher, who faces charges of possessing child pornography, to decrypt his laptop hard drive. A lower court had previously quashed a subpoena compelling Boucher to enter his password, reasoning that this was tantamount to requiring a defendant to testify against himself.

Boucher, a Canadian citizen who legally resides in the U.S., was stopped while returning to the country in 2006. Immigration officials searched his laptop at the border, and found thousands of image files that a border agent judged, on the basis of their file names, to be probable adult and child pornography. After viewing several images, border guards seized the laptop and shut it down—at which point Boucher's Pretty Good Privacy encryption kicked in, locking down the Z drive on which the files were contained.

Federal prosecutors initially sought a grand jury subpoena ordering Boucher to provide the password that would allow them to decrypt his hard drive. They later amended their request—presumably in hopes of avoiding Fifth Amendment concerns—clarifying that they would ask Boucher to enter the password himself in front of the grand jury. Despite this, a magistrate judge ruled in 2007 that the act of entering the password, even if the password itself was not disclosed to the government, was "testimonial" and therefore could not be compelled without offending the Fifth Amendment.

The author of the 2007 opinion, Judge Jerome Niedermeier, distinguished the order to enter the password from the superficially similar requirement that a defendant produce the key to a locked safe on the grounds that asking for the password was a demand that Boucher reveal the contents of his mind. Even though the password itself might not be incriminating, either disclosing or entering it would entail "implicit statements of fact, such as admitting that evidence exists, is authentic, or is within a suspect's control."

The government had sought to surmount Fifth Amendment barriers to its subpoena by stipulating that it would not use the fact of Boucher's knowledge of the password against him—prosecutors had ample evidence linking him to the laptop already, after all, not least his own admissions to the border guards. But Niedermeier would have none of it, citing the 2000 case U.S. v. Hubbell, which disallowed the use of documents showing tax fraud against a defendant who had been granted immunity for the act of producing them (i.e. for demonstrating his knowledge of the documents). "The testimonial aspect of the entry of the password," wrote Niedermeier, "precludes the use of the files themselves as derivative of the compelled testimony."

Niedermeier similarly rejected the argument that the existence and location of the files—as opposed to their precise contents—was already known to the government, a "foregone conclusion." Since the files themselves are ordinary physical evidence, lacking any special protection, the privilege against self-incrimination applies only to the extent that the "testimony" of entering the password gives the government new information. "While the government has seen some of the files on drive Z, it has not viewed all or even most of them," Niedermeier reasoned. "While the government may know of the existence and location of the files it has previously viewed, it does not know of the existence of other files on drive Z that may contain incriminating material."

On February 19, however, Judge William Sessions reached a different conclusion. Though he did not directly address Niedermeier's Hubbell analysis, Sessions accepted the "foregone conclusion" rationale, arguing that the lower court judge had erred in failing to distinguish between the contents of files on Boucher's Z drive and their existence and location.

The distinction here is fairly subtle, but the crucial legal point appears to be the interpretation of the "reasonable particularity" requirement that applies when the government demands the "testimonial" production of evidence. Crudely put, the government can demand that you produce that bloody knife the police saw you run into the woods with, but they can't insist that you turn over any objects you may have around the house that would prove you guilty of a crime. In one case, they're just insisting that you provide the thing they intend to show the jury; in the other, you're supplying the information that helps them convict you.

Niedermeier reasoned that even if border guards had seen some of the files on the Z drive, prosecutors could not force Boucher to produce all the files on the drive. For Sessions, by contrast, the government's knowledge that it was after "the drive" constituted sufficient "particularity" that decrypting it merely gave prosecutors access to the specific contents of evidence they already knew about in reasonable detail.

It's a fuzzy enough distinction that Boucher's lawyers hope the next court up the ladder might land on the other side of it: they've already filed notice of their intention to appeal.

87 Reader Comments

This is a horrid ruling. It is sad that no one has the balls to re pass our bill of rights with specifics to computers and other forms of digital data.

That being said, we are still riding the pull made in the 80s towards the crime control model. These shifts happen in waves, so I am confident that if the country isn't destroyed when this sine wave comes out of the depths of stupidity, more due process law will be passed and our digital rights will eventually exist.

If the defendant simply claims, "I have forgotten it", what happens? What if he actually has forgotten it? It seems like a serious problem where people can be jailed or punished for having faulty memory.

Or what of the cases where an encrypted file is found on the drive and the owner has no actual knowledge of where the file came from? Spouses, children, malware, non-malware software that encrypts information. What if he says, I don't know. Or are these scenarios not important in this instance, since the ruling is based on other facts of the case?

What happens if the program used to encrypt the drive can be used to destroy the data with the use of a second "doomsday" password? If the court cannot prove that the data existed how can the defendant be held for destroying evidence? Quite the problem.

Yes, at this point in time (after what will be several years, at least, by the time the next appeal goes to decision), there's no way it would be unreasonable to assume he'd simply forgotten the password. I forget passwords I use semi regularly... ask me a password I haven't used in a couple of years? No way.

I would imagine TrueCrypt and other, similar products are trumpeting this as well. They allow multiple passwords... the first one reveals the contents of a visibly mounted but encrypted volume, where you could put things like emails from your spouse, passport scans, and other private but innocuous things. The second password mounts and decrypts a second volume hidden within the first with the stuff you really want secret. There's an option being discussed as an extra feature in TrueCrypt (it's open source) that will add a third password that will both decrypt the first (decoy) encrypted volume and securely erase the hidden (real stuff) volume.

But yeah... regardless of technical hoops the suspect goes through to protect his data, 'I forgot' would seem an unassailable defense, especially after a few years of back and forth appeal.

OK, let's use this example. The government knows you have been embezzling money. They can get a court order to enter your office and home and look for specific documents that prove your guilt whether or not we know exactly what that document will contain or whether or not we know specifically where it is located in your home or business. Why is searching a hard disk for files we know to exist any different? Once we find those files, further warrant can be issued to investigate all document holdings by the accused. We know a few file names, we get a warrant for the password, open them, document and prove guilt, then use that power to get further warrant to inspect the remainder of the files in that location.

Protection from search and seizure does not prevent them from searching, it only protects you from ILLEGAL search, the kind that are being done out of spite, harassment, or without any burden of proof or direction of intent to find specifically defined evidence.

Protection from self-incrimination only means you can't be forced to admit guilt, but you CAN be forced to give up the password to a safe that a warrant deems legally searchable in the effort to find specific things based on the prior collection of sufficient proof that such things will be found there.

I also believe wholeheartedly in the following: If you have committed a crime, evidence is evidence is evidence. I don't really give a shit HOW they collect it, only that it is uncontaminated evidence collected and has a valid chain of evidence. If it was collected illegally, it should STILL be admissible, we just also prosecute those who collected it for collecting it illegally... Tainted evidence is one thing, but validated evidence should NEVER be omitted from a trial just because someone's rights were violated collecting it. That person already violated the rights of others. Proof of a crime is proof, period!

Trust me, I know a LOT of cops. They're not going to go breaking into your house, risking their careers, homes, even freedoms, just to catch you randomly being guilty of a crime no one knew about. Heck, even if they KNOW you're guilty, it's got to be something REALLY SERIOUS for them to sacrifice their own freedom in order to prove you guilty.

When these laws were bound into the constitution, people did not have locks on their doors. Cops did not have procedure and documentation to seize items. And it wasn't the COURTS we were worried about, but the government itself coming in and taking your WEALTH and personal property to fund itself (aka, as a TAX). THAT'S what they were seizing, not evidence.

Self-incrimination: that came from the witch trials... beating or torturing someone into confessing was a plague on this country. Making that illegal brought a level of respect back to the courts. People were willing to go into a court room without fear they were going to be beaten, tortured, or tricked into pleading guilty for something. We now have a burden of proof. Getting that proof however is in no way illegal, as long as it is sanctioned by committee and court. (and there ARE ways to fight that process).

I also believe wholeheartedly in the following: If you have committed a crime, evidence is evidence is evidence. I don't really give a shit HOW they collect it, only that it is uncontaminated evidence collected and has a valid chain of evidence. If it was collected illegally, it should STILL be admissible, we just also prosecute those who collected it for collecting it illegally... Tainted evidence is one thing, but validated evidence should NEVER be omitted from a trial just because someone's rights were violated collecting it. That person already violated the rights of others. Proof of a crime is proof, period!

@Zelannii - you must have a lot of faith in the government.

Regarding the last 2 sentences (in bold), you do realize that in the USA, a person is innocent until proven guilty, right? Which means that until the verdict is passed, the "criminal" hasn't been found guilty of a "crime."

Niedermeier similarly rejected the argument that the existence and location of the files—as opposed to their precise contents—was already known to the government, a "foregone conclusion."

What seems a "foregone conclusion" to me, is that if the government did not need access to these files to gain a conviction, then it would proceed outside of any need to use these files as evidence against the defendant. If the government's case, however, depends upon the defendant being forced to open these files, then it would seem the defendant is being compelled to incriminate himself, since the state has demonstrated no ability to access the files apart from the defendant himself being coerced to provide the government such access. In that case, the defendant's 5th-amendment rights certainly are being violated.

I do not believe that a jury would reach the same "foregone conclusion" about those files that this judge apparently has reached.

Using a failsafe password to destroy the encrypted volume is tantamount to destroying evidence. Now, if that also decrypts some innocuous secrets, then you can simply claim the border agents must have been mistaken. There is no evidence to the contrary.

Well, unless they image the "blank" space on the partition before and after decryption, and see that it is significantly altered, then they can guess that you must have done something to it. Whether that qualifies as "proof" I can't say.
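The before-and-after comparison raised in the comment above, shown as an added example that is not part of the article or of any reader's comment: two acquisitions of the same drive are compared sector by sector, and changed runs that the mounted file system does not claim are reported. The 512-byte sector size, the caller-supplied allocation ranges and the sample images are assumptions constructed for the illustration.

```python
"""Sector-level comparison of two images of one drive (constructed data)."""
import hashlib
from dataclasses import dataclass

SECTOR = 512  # comparison granularity in bytes (assumed sector size)


@dataclass(frozen=True)
class Extent:
    start: int        # first changed sector of the run
    count: int        # number of consecutive changed sectors
    allocated: bool   # True if the visible file system claims these sectors


def sha256_hex(image: bytes) -> str:
    """Digest recorded at acquisition and re-checked on each working copy."""
    return hashlib.sha256(image).hexdigest()


def changed_sectors(before: bytes, after: bytes, sector: int = SECTOR) -> list[int]:
    """Return indices of sectors whose contents differ between two images."""
    if len(before) != len(after):
        raise ValueError("images differ in size; not the same device geometry")
    if len(before) % sector:
        raise ValueError("image size is not a whole number of sectors")
    return [
        i for i in range(len(before) // sector)
        if before[i * sector:(i + 1) * sector] != after[i * sector:(i + 1) * sector]
    ]


def to_extents(sectors: list[int], allocated_ranges: list[tuple[int, int]]) -> list[Extent]:
    """Merge consecutive changed sectors into runs, split by allocation status.

    allocated_ranges holds (start, count) pairs for sectors the visible file
    system claims; reading them from its metadata is outside this example.
    """
    allocated: set[int] = set()
    for start, count in allocated_ranges:
        allocated.update(range(start, start + count))
    extents: list[Extent] = []
    for s in sectors:
        is_alloc = s in allocated
        last = extents[-1] if extents else None
        if last is not None and last.start + last.count == s and last.allocated == is_alloc:
            extents[-1] = Extent(last.start, last.count + 1, is_alloc)
        else:
            extents.append(Extent(s, 1, is_alloc))
    return extents


def unexplained_writes(before: bytes, after: bytes,
                       allocated_ranges: list[tuple[int, int]]) -> list[Extent]:
    """Changed runs lying outside anything the mounted file system owns."""
    runs = to_extents(changed_sectors(before, after), allocated_ranges)
    return [e for e in runs if not e.allocated]


def filler(n_sectors: int, seed: bytes) -> bytes:
    """Deterministic high-entropy bytes standing in for encrypted data."""
    out = bytearray()
    counter = 0
    while len(out) < n_sectors * SECTOR:
        out += hashlib.sha256(seed + counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(out[: n_sectors * SECTOR])


# Constructed sample: a 64-sector "drive". The file system claims sectors 0-15.
# Between the two images, sector 3 (allocated) and sectors 40-47 (unallocated)
# were rewritten.
BEFORE = filler(64, b"acquisition-1")
_scratch = bytearray(BEFORE)
_scratch[3 * SECTOR:4 * SECTOR] = filler(1, b"metadata-update")
_scratch[40 * SECTOR:48 * SECTOR] = filler(8, b"overwrite")
AFTER = bytes(_scratch)
ALLOCATED = [(0, 16)]

if __name__ == "__main__":
    # Analysis is done on a copy whose digest matches the acquisition digest.
    working_copy = bytes(BEFORE)
    assert sha256_hex(working_copy) == sha256_hex(BEFORE)
    for run in to_extents(changed_sectors(BEFORE, AFTER), ALLOCATED):
        where = "allocated" if run.allocated else "UNALLOCATED"
        print(f"sectors {run.start}-{run.start + run.count - 1}: changed ({where})")
```

Because encrypted free space is indistinguishable from random data, the comparison shows only that sectors changed, not what they held; whether that amounts to "proof" is the question the comment leaves open.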

If it was collected illegally, it should STILL be admissible, we just also prosecute those who collected it for collecting it illegally.

I agree with aquasub, you have a surprising level of trust in our government. Who is in charge of prosecuting those cops who collected evidence illegally? The DA. Who benefits from the illegal evidence? The DA. How often will cops be prosecuted? You fill in the blank.

Making illegally obtained evidence inadmissible, and having that determination made by a separate branch of government, is the only effective deterrent.

quote:

beating or torturing someone into confessing was a plague on this country. Making that illegal brought a level of respect back to the courts.

I think it's quite likely that making self-incriminating testimony inadmissible is what prevents coerced self-incriminating testimony. Imagine the scenario otherwise, if it were merely illegal:

1. Confession beaten out of innocent person
2. Innocent claims in court the confession was coerced
3. Judge refers case to DA for prosecution and allows the testimony to stand
4. Innocent person convicted
5. DA finds insufficient evidence to prosecute a cop since the only evidence is the testimony of a convicted felon

Same exact situation. Any illegally obtained evidence must be unusable.

PS I'm used to sites with a preview... pardon me if I messed up the formatting.

Originally posted by Zelannii: OK, let's use this example. The government knows you have been embezzling money. They can get a court order to enter your office and home and look for specific documents that prove your guilt whether or not we know exactly what that document will contain or whether or not we know specifically where it is located in your home or business. Why is searching a hard disk for files we know to exist any different? Once we find those files, further warrant can be issued to investigate all document holdings by the accused. We know a few file names, we get a warrant for the password, open them, document and prove guilt, then use that power to get further warrant to inspect the remainder of the files in that location.

Protection from search and seizure does not prevent them from searching, it only protects you from ILLEGAL search, the kind that are being done out of spite, harassment, or without any burden of proof or direction of intent to find specifically defined evidence.

They don't need a defendant's help to search his home and business. They just have a locksmith open the door. Or break it down.

Problem is in the digital world, there are no qualified locksmiths, and the door is (effectively) unbreakable.

Closest analogy I can come up with is a defendant known to have incriminating evidence in a bus station locker, but has filed the number off the key. And there are 500,000 lockers in the bus station. Can they compel him to point out the appropriate locker? I don't think so. And "I forgot" would be an equally plausible answer in this scenario.

This is not about protection from search and seizure, it is about self-incrimination. And it is over that line IMO.

Originally posted by Zelannii: I also believe wholeheartedly in the following: If you have committed a crime, evidence is evidence is evidence. I don't really give a shit HOW they collect it, only that it is uncontaminated evidence collected and has a valid chain of evidence. If it was collected illegally, it should STILL be admissible, we just also prosecute those who collected it for collecting it illegally... Tainted evidence is one thing, but validated evidence should NEVER be omitted from a trial just because someone's rights were violated collecting it. That person already violated the rights of others. Proof of a crime is proof, period!

++

When I'm elected President, you will be my first appointee to the SCotUS.

Originally posted by Zelannii: OK, let's use this example. The government knows you have been embezzling money. They can get a court order to enter your office and home and look for specific documents that prove your guilt whether or not we know exactly what that document will contain or whether or not we know specifically where it is located in your home or business. Why is searching a hard disk for files we know to exist any different? Once we find those files, further warrant can be issued to investigate all document holdings by the accused. We know a few file names, we get a warrant for the password, open them, document and prove guilt, then use that power to get further warrant to inspect the remainder of the files in that location.

The defendant, remember, was crossing the border. There was no prior knowledge or even suspicion on the part of the government, apparently, that the defendant had committed a crime. Thus "the government knows you've been embezzling" argument would not seem to apply in this case.

quote:

Protection from search and seizure does not prevent them from searching, it only protects you from ILLEGAL search, the kind that are being done out of spite, harassment, or without any burden of proof or direction of intent to find specifically defined evidence.

The issue concerns self-incrimination, not illegal search.

quote:

Protection from self-incrimination only means you can't be forced to admit guilt, but you CAN be forced to give up the password to a safe that a warrant deems legally searchable in the effort to find specific things based on the prior collection of sufficient proof that such things will be found there.

Although I can't say just from reading this article, it certainly looks as if the government believes that without forcing the defendant to give up his password that it has no case against the defendant. Legally, the burden of proof falls to the state, not the defendant. If the defendant is compelled to hand the state its case, then it certainly seems that the defendant has lost his right not to self-incriminate.

You are disturbingly misinformed and wrong on a number of points. I'll point out a few.

quote:

Originally posted by Zelannii: OK, let's use this example. The government knows you have been embezzling money. They can get a court order to enter your office and home and look for specific documents that prove your guilt whether or not we know exactly what that document will contain or whether or not we know specifically where it is located in your home or business.

Warrants have to point out the particular place to be searched and the items to be seized. Hence warrants for residences will spell out where in the house objects in question are thought to be located (garage, bedroom, etc) and only those areas should be searched. Warrants can't just state "we're going to look in Mr. X's home and office for documents that will prove his guilt."

quote:

Why is searching a hard disk for files we know to exist any different? Once we find those files, further warrant can be issued to investigate all document holdings by the accused. We know a few file names, we get a warrant for the password, open them, document and prove guilt, then use that power to get further warrant to inspect the remainder of the files in that location.

Because in the scenario in this case you're going beyond a search by the police for standard objects and contraband. You are attempting to search someone's mind, and violate their right to remain silent.

quote:

Protection from self-incrimination only means you can't be forced to admit guilt, but you CAN be forced to give up the password to a safe that a warrant deems legally searchable in the effort to find specific things based on the prior collection of sufficient proof that such things will be found there.

Incorrect. (Previously at least) You cannot be forced to give up the password to a safe. The police can obtain a warrant and break into the safe, or find the key, but they cannot get a warrant to retrieve information from your brain. The Fifth Amendment privilege against self-incrimination doesn't mean "you can't be forced to admit guilt," it means you can't be forced to testify against yourself. In other words, you can't be forced to provide information in your own brain that may incriminate you.

quote:

I also believe wholeheartedly in the following: If you have committed a crime, evidence is evidence is evidence. I don't really give a shit HOW they collect it, only that it is uncontaminated evidence collected and has a valid chain of evidence. If it was collected illegally, it should STILL be admissible, we just also prosecute those who collected it for collecting it illegally... Tainted evidence is one thing, but validated evidence should NEVER be omitted from a trial just because someone's rights were violated collecting it. That person already violated the rights of others. Proof of a crime is proof, period!

That is a truly frightening paragraph. I hope for the country's sake you are just young and naive. Given your viewpoint, what would be wrong if the police just stormed into every house on a block then? If they didn't find evidence of a crime, the homeowners would be free to go about their business, but if there was evidence of a crime, the homeowners would be arrested. They already committed crimes right?

quote:

Trust me, I know a LOT of cops. They're not going to go breaking into your house, risking their careers, homes, even freedoms, just to catch you randomly being guilty of a crime no one knew about. Heck, even if they KNOW you're guilty, it's got to be something REALLY SERIOUS for them to sacrifice their own freedom in order to prove you guilty.

And if things were run your way, there would be little downside to the police breaking into houses and terrifying the populace in their zeal to obtain evidence of crimes.

quote:

When these laws were bound into the constitution, people did not have locks on their doors. Cops did not have procedure and documentation to seize items. And it wasn't the COURTS we were worried about, but the government itself coming in and taking your WEALTH and personal property to fund itself (aka, as a TAX). THAT'S what they were seizing, not evidence.

Yikes. I don't know where to start with that one. You think the Fourth and Fifth Amendments primarily had to do with taxes and not unchecked governmental (read: police) power?

quote:

Self-incrimination: that came from the witch trials... beating or torturing someone into confessing was a plague on this country. Making that illegal brought a level of respect back to the courts. People were willing to go into a court room without fear they were going to be beaten, tortured, or tricked into pleading guilty for something. We now have a burden of proof. Getting that proof however is in no way illegal, as long as it is sanctioned by committee and court. (and there ARE ways to fight that process).

While I don't see anything about this in the ars story, prior versions of this story about the ruling being overturned included the claim that this was being overturned because the government already saw what was on the drive, the defendant already gave them access and then later on refused, voiding his right against self-incrimination, he already incriminated himself.

Also:

quote:

Originally posted by NervousEnergy:

There's an option being discussed as an extra feature in TrueCrypt (it's open source) that will add a third password that will both decrypt the first (decoy) encrypted volume and securely erase the hidden (real stuff) volume.

That's the dumbest thing you could do, seriously. First thing I do if I want to analyze your drive is make an image copy and work on that. In no case am I going to allow your software to have read write access to the original. Furthermore if the password you give me unlocks specific blocks on a device and forms a filesystem, but then the software suddenly decides to write to a few billion other blocks where the filesystem doesn't reside, I know exactly what it's doing and you just gave away the fact that there is a hidden volume, one that you have not provided the password for.

quote:

Originally posted by Zelannii:

The government knows you have been embezzling money. They can get a court order to enter your office and home and look for specific documents that prove your guilt whether or not we know exactly what that document will contain or whether or not we know specifically where it is located in your home or business. Why is searching a hard disk for files we know to exist any different? Once we find those files, further warrant can be issued to investigate all document holdings by the accused. We know a few file names, we get a warrant for the password, open them, document and prove guilt, then use that power to get further warrant to inspect the remainder of the files in that location.

They saw the files in this case, which is why they already knew what was there. In most situations they DON'T know what is there, so the chain of events you describe is not valid. The fact that this is information and decrypting it requires the person to divulge a secret to facilitate that decryption puts this squarely in the realm of 5th amendment protection. You say files on a hard drive aren't any different, but they are. The police can get into an office if they really want to, or crack a safe. They can't usually decrypt files without the key, and getting the key requires your help = 5th amendment.

quote:

Originally posted by Zelannii:

Protection from self-incrimination only means you can't be forced to admit guilt,

You should read it again some time:

"nor shall be compelled in any criminal case to be a witness against himself,"

quote:

I also believe wholeheartedly in the following: If you have committed a crime, evidence is evidence is evidence. I don't really give a shit HOW they collect it, only that it is uncontaminated evidence collected and has a valid chain of evidence. If it was collected illegally, it should STILL be admissible, we just also prosecute those who collected it for collecting it illegally... Tainted evidence is one thing, but validated evidence should NEVER be omitted from a trial just because someone's rights were violated collecting it. That person already violated the rights of others. Proof of a crime is proof, period!

That's nice, you can believe what you want, you're wrong. Oh, and you're a sad example of someone who doesn't understand their constitutional rights and are apparently willing to give them up on a moment's notice. That was a nice way of putting it.

I wish there were better test cases for this kind of problem than child porn. Creation of child porn is so reprehensible that most people react emotionally instead of rationally. It sounds like there's really pretty good evidence for this guy being guilty, and if that's the case, it would be disappointing to see him get away with it.

On the other hand, the line between the space inside our own heads and what's in our personal technological devices is blurring quickly. If I have an artificial eye that keeps a 2 week buffer of everything I see, can I be compelled to let law enforcement take the data from it? What if it's a cerebral implant that directly augments my memory?

We have to ignore what he is accused of because it inflames our judgement. The idea that we could be forced to hand over our password (or type it in or whatever) goes against self-incrimination for me.

Evidence cannot be gathered without boundaries and innocent people DO get convicted.

I especially like the idea that he (we) might forget the password. How would you prove or disprove that? It certainly gets more plausible as time passes.

Ya, this is a shaky ruling. I have created a TrueCrypt image on my hard drive only to find months later that I forgot the password. I ended up deleting the image as I couldn't for the life of me remember the damn password. Now imagine if I was before a judge who suspected there was something incriminating on that image and jailed me until I remembered it. Yikes! This is just a bit scary.

Originally posted by mrsteveman1: That's the dumbest thing you could do, seriously. First thing I do if I want to analyze your drive is make an image copy and work on that. In no case am I going to allow your software to have read write access to the original.

Naturally. Thus, as someone has pointed out, your self-destruct password window has closed by that time. That doesn't make it a worthless feature.

quote:

Furthermore if the password you give me unlocks specific blocks on a device and forms a filesystem, but then the software suddenly decides to write to a few billion other blocks where the filesystem doesn't reside, I know exactly what it's doing and you just gave away the fact that there is a hidden volume, one that you have not provided the password for.

Technically, no. All you have to do is overwrite one block that the billions of other blocks were XOR'd with after being encrypted. If you can't XOR them back, you can't decrypt them. And if they're well-encrypted, trying to reconstruct the XOR block should be relatively futile since there won't be any discernible way to tell the correct XOR result (encrypted data) from the incorrect ones (gibberish).

It would be relatively easy to lose that in the noise of general filesystem housekeeping.

That's the dumbest thing you could do, seriously. First thing I do if I want to analyze your drive is make an image copy and work on that. In no case am I going to allow your software to have read write access to the original. Furthermore if the password you give me unlocks specific blocks on a device and forms a filesystem, but then the software suddenly decides to write to a few billion other blocks where the filesystem doesn't reside, I know exactly what it's doing and you just gave away the fact that there is a hidden volume, one that you have not provided the password for.

Yes, given. I do forensics and ediscovery every day with EnCase. You'd use that third password when asked by the police what's on the drive in the initial stop. Border stops like this never involve writeblock acquisition first and perusal second... the cop simply boots the machine and quickly rifles through it, typically looking at the recent browse history and recent files list, and a top level directory. He clicks on 'F' drive and gets asked a password. You give him #3 and it's game over.

If the machine gets imaged, then you rely on the hidden volume within the volume. The NSA has their own resources, of course, but AFAIK there's no way to easily tell if that second hidden volume exists. There are many ways to guess at it... writing files to the first hidden volume and seeing that certain allocation blocks never change, for example, but most of them can be overcome with thorough preparation.

"The Fifth Amendment privilege against self-incrimination doesn't mean "you can't be forced to admit guilt," it means you can't be forced to testify against yourself. In other words, you can't be forced to provide information in your own brain that may incriminate you."

Out of everything said here, I agree with this most strongly. Forcing someone to reveal a password, or the location of a key, or anything else is tantamount to invading their mind. If you are charged with a crime, I believe that it is your absolute right to remain completely silent until the trial is completed. You should not be required to say a word, although of course it can be in your best interest to testify on your own behalf. But it is upon the prosecution to provide the evidence, and if they can't because you choose to remain silent, then so be it.

I also believe wholeheartedly in the following: If you have committed a crime, evidence is evidence is evidence.

The purpose of a trial is to determine if someone committed a crime. You're essentially presuming guilt here. Allowing the use of illegally collected evidence basically encourages law enforcement to break the law. As the resident of a city where anti-gang units get rebooted every five to ten years because of corruption and hundreds of cases of police torture have come to light (25 years after the fact), I don't really trust the justice system to police itself. You can say that cops who use illegal means to collect evidence will be punished, but I have absolutely zero confidence in such an assertion.

As for this case, I have no idea what's right. The information in his head is not incriminating evidence, but using it to decrypt the hard drive will lead to incriminating evidence. To me that sounds a lot like self-incrimination. The Hubbell ruling is interesting, in that it ties the revelation of documents (an act for which he had immunity) to the content of those documents. That actually sounds a lot like this case: "we won't prosecute you for knowing the password, but we will prosecute you for what's revealed when you enter it." I think that'll be interesting if/when it gets addressed at the next level, since this judge ignored it.

Originally posted by dciskey: As for this case, I have no idea what's right. The information in his head is not incriminating evidence, but using it to decrypt the hard drive will lead to incriminating evidence. To me that sounds a lot like self-incrimination. The Hubbell ruling is interesting, in that it ties the revelation of documents (an act for which he had immunity) to the content of those documents. That actually sounds a lot like this case: "we won't prosecute you for knowing the password, but we will prosecute you for what's revealed when you enter it." I think that'll be interesting if/when it gets addressed at the next level, since this judge ignored it.

It's still inane.

"We won't prosecute you for knowing where the corpse is, but we will prosecute you for what's revealed when we locate it."

Originally posted by mrsteveman1: While I don't see anything about this in the Ars story, prior versions of this story about the ruling being overturned included the claim that this was being overturned because the government already saw what was on the drive, the defendant already gave them access and then later on refused, voiding his right against self-incrimination, he already incriminated himself.

As to "incriminating himself," do you mean that he told the border guards, "Here, dudes, look at this stuff! Great, huh?"...? If not, do you mean that they asked his permission to look at the laptop files and he gave it? If neither of those two scenarios is true, then the defendant had not previously incriminated himself.

I'm scratching my head wondering what the compelling interest of the border guards might be in inspecting the contents of a laptop hard drive during a routine border crossing. How much contraband can you stuff onto a laptop hard drive? It's conceivable that they might have had excuse to open the laptop to confirm that it was a functioning laptop and not a hollow repository for contraband, but beyond that, I can see no reason why border guards might actually inspect the files on a laptop. Principally, the preferred method for dissimulating illegal files like the ones alluded to in this case would be the Internet, I would think, as no border crossings are required.

If the machine gets imaged, then you rely on the hidden volume within the volume. The NSA has their own resources, of course, but AFAIK there's no way to easily tell if that second hidden volume exists. There are many ways to guess at it... writing files to the first hidden volume and seeing that certain allocation blocks never change, for example, but most of them can be overcome with thorough preparation.

Except Truecrypt overwrites the hidden volume unless the volume is opened in a safe mode that precludes overwriting the hidden volume and requires both passwords (assuming I read your words right). It doesn't know there's anything different about those blocks unless it can decrypt them, or so is claimed in the documentation.

@sroylance: He's not being charged with creation of child porn, he's being charged with possession. Quite a difference, in that one entails abuse, and is thus illegal, and the other is merely possessing evidence that someone, somewhere, at some point, abused a kid, and is illegal because of a misconception that porn leads to sex crime, or perhaps because it's something that few would rally to defend, and is thus an easy target for banning by movements that would prefer that all pornography were banned. And as a banner movement to intrude upon civil liberties, increase government surveillance privilege, and more easily set bad precedents in courts.

Creation of child porn is so reprehensible that most people react emotionally instead of rationally. It sounds like there's really pretty good evidence for this guy being guilty, and if that's the case, it would be disappointing to see him get away with it.

I have $10 that says he had regular, adult aged porn on that drive and the "child" part was tacked on specifically to bias journalists, jurors, and judges against him. I love to see child porn peddlers locked up, but far too many of these "random" cases end up being child porn. Maybe I'm just being naive with the numbers of child porn peddlers and consumers, but it wouldn't be the first time some prosecutor went for the election, "I lock up child pornographers" campaign slogan with non-existent to highly dubious charges.

TrueCrypt's hidden volume is not really all that special. It's not invisible. Let's suppose you make a 500 Meg file vault, with 200 megs hidden. You put stuff in the visible 300 meg side. When you give the fake password to the cops, they are going to be able to tell that they can't put more than 300 megs in the vault which should be able to hold 500. Hence they will know you have a hidden section in the file vault.

As for evidence, the law is tilted to protect the individual, not to uncover the truth.

Originally posted by dciskey: As for this case, I have no idea what's right. The information in his head is not incriminating evidence, but using it to decrypt the hard drive will lead to incriminating evidence. To me that sounds a lot like self-incrimination. The Hubbell ruling is interesting, in that it ties the revelation of documents (an act for which he had immunity) to the content of those documents. That actually sounds a lot like this case: "we won't prosecute you for knowing the password, but we will prosecute you for what's revealed when you enter it." I think that'll be interesting if/when it gets addressed at the next level, since this judge ignored it.

It's still inane.

"We won't prosecute you for knowing where the corpse is, but we will prosecute you for what's revealed when we locate it."

Bwuh?

I agree. And the judge in Hubbell agrees. But the most recent judge in this case didn't address the Hubbell decision at all, which is totally lame. Hopefully they will at the next level.

TrueCrypt's hidden volume is not really all that special. It's not invisible. Let's suppose you make a 500 Meg file vault, with 200 megs hidden. You put stuff in the visible 300 meg side. When you give the fake password to the cops, they are going to be able to tell that they can't put more than 300 megs in the vault which should be able to hold 500. Hence they will know you have a hidden section in the file vault.

TrueCrypt doesn't work that way. The 500 MB volume will look like 500 MB all the time, the only difference is the free space at the end of the volume (which is filled with random gibberish when it's first created) also has an additional 200 MB volume hidden in it. If you accidentally fill your 500 MB volume with too much data (i.e. more than 300 MB), it overwrites the hidden volume, nuking it. There's essentially no way to tell the hidden volume exists, and it's up to the user to mentally remember not to exceed a certain amount of data when using this method.

I think you can maybe tell a hidden volume exists because the headers for both are at the start of the file, but you'd need to take a careful look at where the normal files are located and see if there's any offset. That also doesn't account for any filesystem weirdness, like my NTFS partitions having most of the files in the middle of the drive (MFT or something?)

Edit: Apparently not, as the hidden partition header is seemingly there regardless.

Originally posted by TechGeek: TrueCrypt's hidden volume is not really all that special. It's not invisible. Let's suppose you make a 500 Meg file vault, with 200 megs hidden. You put stuff in the visible 300 meg side. When you give the fake password to the cops, they are going to be able to tell that they can't put more than 300 megs in the vault which should be able to hold 500. Hence they will know you have a hidden section in the file vault.

As for evidence, the law is tilted to protect the individual, not to uncover the truth.

Totally false. You should read up on TrueCrypt before making such statements. The hidden vault does not modify the file system parameters of the outer vault at all... it's completely invisible to it. TrueCrypt scans the outer vault and finds the largest section of continuous clusters and tells the user that's the largest hidden vault size that can be selected. This is why it's possible (though difficult) to ascertain the presence of the hidden volume by adding and removing files from the outer volume... the cyphertext in the hidden section will change when it shouldn't.

Most users of TrueCrypt don't encrypt an entire partition, as that's a fairly pedestrian activity any number of products can do. TrueCrypt's big feature is the ability to create a hidden partition inside of a file (file-hosted truecrypt container.) Total space available is dynamic.

Edit: beaten like a red-headed stepchild by Bob.
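The snapshot comparison described in the post above (ciphertext changing where the outer volume gives no reason for it), as an added example that is not part of the thread or of TrueCrypt itself: it diffs two images of a container block by block and reports changed blocks that the outer filesystem's allocation does not account for. The images, the 512-byte block size and the allocation sets are constructed sample data; a real examination would read the allocation from the mounted outer filesystem.

```python
import hashlib

BLOCK = 512  # assumed block size for the constructed images


def noise(label: str, nblocks: int) -> list[bytes]:
    """Deterministic stand-in for ciphertext: one pseudo-random block per index."""
    out = []
    for i in range(nblocks):
        chunk = b"".join(hashlib.sha256(f"{label}:{i}:{j}".encode()).digest()
                         for j in range(BLOCK // 32))
        out.append(chunk)
    return out


def changed_blocks(img_a: bytes, img_b: bytes) -> list[int]:
    """Indices of blocks whose contents differ between two equal-size images."""
    if len(img_a) != len(img_b) or len(img_a) % BLOCK:
        raise ValueError("images must be the same size and block-aligned")
    return [i for i in range(len(img_a) // BLOCK)
            if img_a[i * BLOCK:(i + 1) * BLOCK] != img_b[i * BLOCK:(i + 1) * BLOCK]]


def unexplained_changes(img_a: bytes, img_b: bytes,
                        alloc_a: set[int], alloc_b: set[int]) -> list[int]:
    """Changed blocks the outer filesystem had allocated in neither image.

    Free space in the outer volume should keep its original random fill, so a
    change there needs another explanation (hidden volume use, a free-space
    wipe, defragmentation)."""
    explained = alloc_a | alloc_b
    return [i for i in changed_blocks(img_a, img_b) if i not in explained]


def demo() -> list[int]:
    # Constructed sample: a 64-block container imaged at two points in time.
    first = noise("t0", 64)
    second = list(first)
    fresh = noise("t1", 64)
    for i in (2, 3, 4, 5):      # outer volume grew: blocks 2-5 rewritten
        second[i] = fresh[i]
    for i in (40, 41, 42):      # blocks in the outer volume's free space changed
        second[i] = fresh[i]
    alloc_a = {0, 1, 2, 3}      # outer allocation seen in the first image
    alloc_b = {0, 1, 2, 3, 4, 5}
    return unexplained_changes(b"".join(first), b"".join(second), alloc_a, alloc_b)


if __name__ == "__main__":
    print(demo())
```

A single image gives this comparison nothing to work with; it needs two captures of the same container taken at different times.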